Backed out 2 changesets (bug 1816519, bug 1816520) for causing build …

…bustages on WinWebAuthnManager.cpp. CLOSED TREE

Backed out changeset 1bae007bf17b (bug 1816520)
Backed out changeset 96cdbead4d15 (bug 1816519)

.clang-format-ignore

@@ -91,6 +91,7 @@ dom/media/webspeech/recognition/energy_endpointer.cc
 dom/media/webspeech/recognition/energy_endpointer.h
 dom/media/webspeech/recognition/energy_endpointer_params.cc
 dom/media/webspeech/recognition/energy_endpointer_params.h
+dom/webauthn/cbor-cpp/.*
 dom/webauthn/winwebauthn/webauthn.h
 editor/libeditor/tests/browserscope/lib/richtext/.*
 editor/libeditor/tests/browserscope/lib/richtext2/.*

.prettierignore

@@ -1299,6 +1299,8 @@ dom/tests/mochitest/ajax/
 dom/tests/mochitest/dom-level1-core/
 dom/tests/mochitest/dom-level2-core/
 dom/tests/mochitest/dom-level2-html/
+dom/u2f/tests/pkijs/
+dom/webauthn/cbor-cpp/
 dom/webauthn/tests/pkijs/
 dom/webgpu/tests/cts/checkout/
 editor/libeditor/tests/browserscope/lib/richtext/

dom/webauthn/AuthenticatorAttestationResponse.cpp

@@ -4,7 +4,6 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "AuthrsBridge_ffi.h"
 #include "mozilla/dom/WebAuthenticationBinding.h"
 #include "mozilla/dom/AuthenticatorAttestationResponse.h"
 
@@ -54,8 +53,7 @@ JSObject* AuthenticatorAttestationResponse::WrapObject(
 void AuthenticatorAttestationResponse::GetAttestationObject(
     JSContext* aCx, JS::MutableHandle<JSObject*> aValue, ErrorResult& aRv) {
   if (!mAttestationObjectCachedObj) {
-    mAttestationObjectCachedObj = ArrayBuffer::Create(
-        aCx, mAttestationObject.Length(), mAttestationObject.Elements());
+    mAttestationObjectCachedObj = mAttestationObject.ToArrayBuffer(aCx);
     if (!mAttestationObjectCachedObj) {
       aRv.NoteJSContextException(aCx);
       return;
@@ -65,88 +63,11 @@ void AuthenticatorAttestationResponse::GetAttestationObject(
 }
 
 nsresult AuthenticatorAttestationResponse::SetAttestationObject(
-    const nsTArray<uint8_t>& aBuffer) {
-  if (!mAttestationObject.Assign(aBuffer, mozilla::fallible)) {
+    CryptoBuffer& aBuffer) {
+  if (NS_WARN_IF(!mAttestationObject.Assign(aBuffer))) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
-
   return NS_OK;
 }
 
-void AuthenticatorAttestationResponse::GetAuthenticatorData(
-    JSContext* aCx, JS::MutableHandle<JSObject*> aValue, ErrorResult& aRv) {
-  if (!mAttestationObjectParsed) {
-    nsresult rv = authrs_webauthn_att_obj_constructor(
-        mAttestationObject, /* anonymize */ false,
-        getter_AddRefs(mAttestationObjectParsed));
-    if (NS_FAILED(rv)) {
-      aRv.Throw(rv);
-      return;
-    }
-  }
-
-  nsTArray<uint8_t> authenticatorData;
-  nsresult rv =
-      mAttestationObjectParsed->GetAuthenticatorData(authenticatorData);
-  if (NS_FAILED(rv)) {
-    aRv.Throw(rv);
-    return;
-  }
-
-  JS::Heap<JSObject*> buffer(ArrayBuffer::Create(
-      aCx, authenticatorData.Length(), authenticatorData.Elements()));
-  if (!buffer) {
-    aRv.NoteJSContextException(aCx);
-    return;
-  }
-  aValue.set(buffer);
-}
-
-void AuthenticatorAttestationResponse::GetPublicKey(
-    JSContext* aCx, JS::MutableHandle<JSObject*> aValue, ErrorResult& aRv) {
-  if (!mAttestationObjectParsed) {
-    nsresult rv = authrs_webauthn_att_obj_constructor(
-        mAttestationObject, false, getter_AddRefs(mAttestationObjectParsed));
-    if (NS_FAILED(rv)) {
-      aRv.Throw(rv);
-      return;
-    }
-  }
-
-  nsTArray<uint8_t> publicKey;
-  nsresult rv = mAttestationObjectParsed->GetPublicKey(publicKey);
-  if (NS_FAILED(rv)) {
-    if (rv == NS_ERROR_NOT_AVAILABLE) {
-      aValue.set(nullptr);
-    } else {
-      aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
-    }
-    return;
-  }
-
-  JS::Heap<JSObject*> buffer(
-      ArrayBuffer::Create(aCx, publicKey.Length(), publicKey.Elements()));
-  if (!buffer) {
-    aRv.NoteJSContextException(aCx);
-    return;
-  }
-  aValue.set(buffer);
-}
-
-COSEAlgorithmIdentifier AuthenticatorAttestationResponse::GetPublicKeyAlgorithm(
-    ErrorResult& aRv) {
-  if (!mAttestationObjectParsed) {
-    nsresult rv = authrs_webauthn_att_obj_constructor(
-        mAttestationObject, false, getter_AddRefs(mAttestationObjectParsed));
-    if (NS_FAILED(rv)) {
-      aRv.Throw(rv);
-      return 0;
-    }
-  }
-
-  COSEAlgorithmIdentifier alg;
-  mAttestationObjectParsed->GetPublicKeyAlgorithm(&alg);
-  return alg;
-}
-
 }  // namespace mozilla::dom

dom/webauthn/AuthenticatorAttestationResponse.h

@@ -11,8 +11,8 @@
 #include "mozilla/Attributes.h"
 #include "mozilla/dom/AuthenticatorResponse.h"
 #include "mozilla/dom/BindingDeclarations.h"
+#include "mozilla/dom/CryptoBuffer.h"
 #include "nsCycleCollectionParticipant.h"
-#include "nsIWebAuthnController.h"
 #include "nsWrapperCache.h"
 
 namespace mozilla::dom {
@@ -35,19 +35,10 @@ class AuthenticatorAttestationResponse final : public AuthenticatorResponse {
   void GetAttestationObject(JSContext* aCx, JS::MutableHandle<JSObject*> aValue,
                             ErrorResult& aRv);
 
-  nsresult SetAttestationObject(const nsTArray<uint8_t>& aBuffer);
-
-  void GetAuthenticatorData(JSContext* aCx, JS::MutableHandle<JSObject*> aValue,
-                            ErrorResult& aRv);
-
-  void GetPublicKey(JSContext* aCx, JS::MutableHandle<JSObject*> aValue,
-                    ErrorResult& aRv);
-
-  COSEAlgorithmIdentifier GetPublicKeyAlgorithm(ErrorResult& aRv);
+  nsresult SetAttestationObject(CryptoBuffer& aBuffer);
 
  private:
-  nsTArray<uint8_t> mAttestationObject;
-  nsCOMPtr<nsIWebAuthnAttObj> mAttestationObjectParsed;
+  CryptoBuffer mAttestationObject;
   JS::Heap<JSObject*> mAttestationObjectCachedObj;
 };
 

dom/webauthn/AuthrsTransport.cpp

@@ -3,10 +3,18 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "AuthrsTransport.h"
-#include "AuthrsBridge_ffi.h"
 #include "nsIWebAuthnController.h"
 #include "nsCOMPtr.h"
 
+namespace {
+extern "C" {
+
+// Implemented in Rust
+nsresult authrs_transport_constructor(nsIWebAuthnTransport** result);
+
+}  // extern "C"
+}  // namespace
+
 namespace mozilla::dom {
 
 already_AddRefed<nsIWebAuthnTransport> NewAuthrsTransport() {

dom/webauthn/WebAuthnCBORUtil.cpp

@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cbor-cpp/src/cbor.h"
+#include "mozilla/dom/WebAuthnCBORUtil.h"
+#include "mozilla/dom/WebAuthnUtil.h"
+
+namespace mozilla::dom {
+
+nsresult CBOREncodeNoneAttestationObj(const CryptoBuffer& aAuthDataBuf,
+                                      /* out */ CryptoBuffer& aAttestationObj) {
+  /*
+  Attestation Object, encoded in CBOR (description is CDDL)
+
+  $$attStmtType //= (
+                          fmt: "none",
+                          attStmt: emptyMap
+                      )
+
+  emptyMap = {}
+  */
+  cbor::output_dynamic cborAttOut;
+  cbor::encoder encoder(cborAttOut);
+  encoder.write_map(3);
+  {
+    encoder.write_string("fmt");
+    encoder.write_string("none");
+
+    encoder.write_string("attStmt");
+    encoder.write_map(0);
+
+    encoder.write_string("authData");
+    encoder.write_bytes(aAuthDataBuf.Elements(), aAuthDataBuf.Length());
+  }
+
+  if (!aAttestationObj.Assign(cborAttOut.data(), cborAttOut.size())) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  return NS_OK;
+}
+
+}  // namespace mozilla::dom

dom/webauthn/WebAuthnCBORUtil.h

@@ -0,0 +1,22 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_WebAuthnCBORUtil_h
+#define mozilla_dom_WebAuthnCBORUtil_h
+
+/*
+ * Serialize and deserialize CBOR data formats for WebAuthn
+ */
+
+#include "mozilla/dom/CryptoBuffer.h"
+
+namespace mozilla::dom {
+
+nsresult CBOREncodeNoneAttestationObj(const CryptoBuffer& aAuthDataBuf,
+                                      /* out */ CryptoBuffer& aAttestationObj);
+
+}  // namespace mozilla::dom
+#endif  // mozilla_dom_WebAuthnCBORUtil_h

dom/webauthn/WebAuthnUtil.cpp

@@ -5,6 +5,7 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/dom/WebAuthnUtil.h"
+#include "mozilla/dom/WebAuthnCBORUtil.h"
 #include "nsComponentManagerUtils.h"
 #include "nsICryptoHash.h"
 #include "nsIEffectiveTLDService.h"
@@ -107,6 +108,29 @@ bool EvaluateAppID(nsPIDOMWindowInner* aParent, const nsString& aOrigin,
   return false;
 }
 
+nsresult ReadToCryptoBuffer(pkix::Reader& aSrc, /* out */ CryptoBuffer& aDest,
+                            uint32_t aLen) {
+  if (aSrc.EnsureLength(aLen) != pkix::Success) {
+    return NS_ERROR_DOM_UNKNOWN_ERR;
+  }
+
+  if (!aDest.SetCapacity(aLen, mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  for (uint32_t offset = 0; offset < aLen; ++offset) {
+    uint8_t b;
+    if (aSrc.Read(b) != pkix::Success) {
+      return NS_ERROR_DOM_UNKNOWN_ERR;
+    }
+    if (!aDest.AppendElement(b, mozilla::fallible)) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  }
+
+  return NS_OK;
+}
+
 static nsresult HashCString(nsICryptoHash* aHashService, const nsACString& aIn,
                             /* out */ CryptoBuffer& aOut) {
   MOZ_ASSERT(aHashService);

dom/webauthn/WinWebAuthnManager.cpp

@@ -6,14 +6,14 @@
 
 #include "mozilla/Assertions.h"
 #include "mozilla/dom/PWebAuthnTransactionParent.h"
+#include "mozilla/dom/WebAuthnCBORUtil.h"
 #include "mozilla/MozPromise.h"
 #include "mozilla/ipc/BackgroundParent.h"
 #include "mozilla/ClearOnShutdown.h"
 #include "mozilla/dom/CryptoBuffer.h"
 #include "mozilla/Unused.h"
 #include "nsTextFormatter.h"
 #include "nsWindowsHelpers.h"
-#include "AuthrsBridge_ffi.h"
 #include "WebAuthnEnumStrings.h"
 #include "WebAuthnTransportIdentifiers.h"
 #include "winwebauthn/webauthn.h"
@@ -426,30 +426,21 @@ void WinWebAuthnManager::Register(
         pWebAuthNCredentialAttestation->cbAuthenticatorData);
 
     nsTArray<uint8_t> attObject;
-    attObject.AppendElements(
-        pWebAuthNCredentialAttestation->pbAttestationObject,
-        pWebAuthNCredentialAttestation->cbAttestationObject);
-
     if (winAttestation == WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE) {
-      // The anonymize flag in the nsIWebAuthnAttObj constructor causes the
-      // attestation statement to be removed during deserialization. It also
-      // causes the AAGUID to be zeroed out. If we can't deserialize the
-      // existing attestation, then we can't ensure that it is anonymized, so we
-      // act as though the user denied consent and we return NotAllowed.
-      nsCOMPtr<nsIWebAuthnAttObj> anonymizedAttObj;
-      nsresult rv = authrs_webauthn_att_obj_constructor(
-          attObject,
-          /* anonymize */ true, getter_AddRefs(anonymizedAttObj));
-      if (NS_FAILED(rv)) {
-        MaybeAbortRegister(aTransactionId, NS_ERROR_DOM_NOT_ALLOWED_ERR);
-        return;
-      }
-      attObject.Clear();
-      rv = anonymizedAttObj->GetAttestationObject(attObject);
-      if (NS_FAILED(rv)) {
-        MaybeAbortRegister(aTransactionId, NS_ERROR_DOM_NOT_ALLOWED_ERR);
-        return;
-      }
+      // Zero AAGuid
+      const uint8_t zeroGuid[16] = {0};
+      authenticatorData.ReplaceElementsAt(32 + 1 + 4 /*AAGuid offset*/, 16,
+                                          zeroGuid, 16);
+
+      CryptoBuffer authData;
+      authData.Assign(authenticatorData);
+      CryptoBuffer noneAttObj;
+      CBOREncodeNoneAttestationObj(authData, noneAttObj);
+      attObject.AppendElements(noneAttObj);
+    } else {
+      attObject.AppendElements(
+          pWebAuthNCredentialAttestation->pbAttestationObject,
+          pWebAuthNCredentialAttestation->cbAttestationObject);
     }
 
     nsTArray<WebAuthnExtensionResult> extensions;